Using the SEAM Tool With Limited Kerberos Administration
Privileges

All features of the SEAM Administration Tool are available if your admin principal has all the privileges to administer the Kerberos
database. However, you might have limited privileges, such as only being allowed
to view the list of principals or to change a principal's password. With limited
Kerberos administration privileges, you can still use the SEAM Tool. However,
various parts of the SEAM Tool change based on the Kerberos administration
privileges that you do not have. Table 25–6 shows how the SEAM Tool changes based on your Kerberos administration
privileges.

The most visual change to the SEAM Tool occurs when you don't
have the list privilege. Without the list privilege, the List panels do not
display the list of principals and polices for you to manipulate. Instead,
you must use the Name field in the List panels to specify a principal or a
policy that you want to manipulate.

If you log in to the SEAM Tool, and you do not have sufficient privileges
to perform tasks with it, the following message displays and you are sent
back to the SEAM Administration Login window:

Insufficient privileges to use gkadmin: ADMCIL. Please try using another principal.

The Create New and Duplicate buttons are unavailable in the Principal
List and Policy List panels. Without the add privilege, you cannot create
new principals or policies, or duplicate them.

d (delete)

The Delete button is unavailable in the Principal List and Policy List
panels. Without the delete privilege, you cannot delete principals or policies.

m (modify)

The Modify button is unavailable in the Principal List and Policy List
panels. Without the modify privilege, you cannot modify principals or policies.

Also, with the Modify button unavailable, you cannot modify a principal's
password, even if you have the change password privilege.

c (change password)

The Password field in the Principal Basics panel is read only and cannot
be changed. Without the change password privilege, you cannot modify a principal's
password.

Note that even if you have the change password privilege, you must also
have the modify privilege to change a principal's password.

i (inquiry to database)

The Modify and Duplicate buttons are unavailable in the Principal List
and Policy List panels. Without the inquiry privilege, you cannot modify or
duplicate a principal or a policy.

Also, with the Modify button unavailable, you cannot modify a principal's
password, even if you have the change password privilege.

l (list)

The list of principals and policies in the List panels are unavailable.
Without the list privilege, you must use the Name field in the List panels
to specify the principal or the policy that you want to manipulate.